-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-16:14.hv_storvsc                                     Errata Notice
                                                          The FreeBSD Project

Topic:          Disable incorrect callout in hv_storvsc(4)

Category:       core
Module:         hv_storvsc
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-05-06 05:16:42 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The Hyper-V storage driver, hv_storvsc(4), always sets up a timeout(9) timer
when sending an I/O request to the host.  When the I/O is completed by the
host and the host notifies the virtual machine, callout_drain() is used in
another thread.

II.  Problem Description

The hv_storvsc(4) driver does not correctly set up the timer, and
callout_drain() does not remove the callout as expected.  When the callout is
later used again, it is unexpectedly reinitialized, which can cause
undetermined behavior in the kernel callout(9) system.

III. Impact

Unexpected behavior in the kernel callout(9) system can occur, such as
inability to halt the system with 'shutdown -h now'.

IV.  Workaround

No workaround is available, however FreeBSD virtual machines not running in
Hyper-V or Azure are unaffected.

V.   Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.  After which, reboot the
system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch
# fetch https://security.FreeBSD.org/patches/EN-16:14/hv_storvsc.patch.asc
# gpg --verify hv_storvsc.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r299153
releng/10.3/                                                      r303984
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:14.hv_storvsc.asc>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXrUsiAAoJEO1n7NZdz2rn5qAP/0OmatunIP/2a1U7SPNav55G
wa0/q9MOYb/+vRfGGynlGLt79E6gxYopwMXnVtm/Z1Hhqt7NEfT6h4Fjb6rjdIiz
Anwm6kNuesDjZGBSJ1POMP8DCXm16uqxZXQvGvzaVrdj/30gyFFrmUGPetJWnjZk
CawfOfDS+EynvXoXDuBUu9EeisUGFbcnb3zRTqXYq3adsxW9AwlstvCPnzKzvwom
KZKQz7AVB4XgD3B65UMpGrK7vi8u8PwXfn5sffhnt3KMchbpMA4HJXubrm9QmxxJ
KFQm4VOMxiqjSYMtTSW6q8uIArPG2y/Cs4agHUiSehRksMSUs6TCGdmSKN/OMn0D
Sby2MlcZCBuQDVmRdrotuTGkFvLAs/JagOojIAaz0wNcSWQv3F7DxuKx76C6jjlO
7mgEPrctDmQJMLIIAIqvzvG94DeleMEwLIV+5omr5hhy0FANfUksgUqPH5z2n6wZ
c4VJf8d1Jv6kpp8/uq1tcMrhmTtRwP1v7LYUBaHgy++C8azbrrS7BEMyqIB8Upal
CWlI9ZHZYoMWkpqATtlBs3rFmWNLxtCmf8a7Xa+Ox/hep6wrFD+TFmq2wzukTypq
BNGPIeHTxe7KdVcMbI87//SGWNEx/+W9iEcF4eGhE8JgGz+E0TvMR/JlK2479KXG
hsjMFVQWevI7sgvSKkBS
=XI3q
-----END PGP SIGNATURE-----
